Analysis
-
max time kernel
141s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
30-12-2023 02:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0b950fbccf962e603ae0d01ed734810a.dll
Resource
win7-20231215-en
2 signatures
150 seconds
General
-
Target
0b950fbccf962e603ae0d01ed734810a.dll
-
Size
188KB
-
MD5
0b950fbccf962e603ae0d01ed734810a
-
SHA1
c36ad3da620feb978236aa5e5fc1f0fe88bce95f
-
SHA256
62bb11221afbc42718bc0b44a1edef405aa25d7b6744bf84e0588bab47b22217
-
SHA512
a037679b691234e08c9ab9164af4b8026fdf9b87d1ae2aa1ce0b75de7f841203240120e16173f6893d7ee3a9696cd4c5e52f77d2d85d2895c6ce484552922368
-
SSDEEP
3072:GA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAojo:GzIqATVfQeV2FZalKq6jtGJWuTmd
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2104  2532        WerFault.exe  14
-
Suspicious use of WriteProcessMemory 11 IoCs
description                       pid   Process       procid_target
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2512 wrote to memory of 2532  2512  rundll32.exe  14
PID 2532 wrote to memory of 2104  2532  rundll32.exe  29
PID 2532 wrote to memory of 2104  2532  rundll32.exe  29
PID 2532 wrote to memory of 2104  2532  rundll32.exe  29
PID 2532 wrote to memory of 2104  2532  rundll32.exe  29
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b950fbccf962e603ae0d01ed734810a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 3002⤵
- Program crash
PID:2104
-
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b950fbccf962e603ae0d01ed734810a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2512